General parameters

Configuration files

To configure Self Service Password, you need to create a local configuration file named config.inc.local.php in self-service-password/conf. For example :

<?php
// Override config.inc.php parameters below

?>

Self Service Password default configuration file is self-service-password/conf/config.inc.php. It includes config.inc.local.php. Consequently, you can override all parameters in config.inc.local.php. This prevents you to be disturbed by an upgrade.

Multi tenancy

You can load a specific configuration file by passing a HTTP header. This feature is disable by default. To enable it:

$header_name_extra_config = "SSP-Extra-Config";

Then if you send the header SSP-Extra-Config: domain1, the file conf/config.inc.domain1.php will be loaded.

Using Apache, we may set such header using the following:

<VirtualHost *:80>
   ServerName ssp.domain1.com
   RequestHeader setIfEmpty SSP-Extra-Config domain1
   [...]
</VirtualHost>

Using Nginx, we could use instead:

server {
    [...]
    location ~ \.php {
        fastcgi_param SSP-Extra-Config domain1;
        [...]
    }

Language

Available languages are:

  • Basque (eu)

  • image0 Brazilian (pt-BR)

  • image1 Catalonia (ca)

  • image2 Chinese (cn, zh-CN, zh-TW)

  • image3 Czech (cs)

  • image4 Dutch (nl)

  • image5 English (en)

  • image6 Estonian (ee)

  • image7 French (fr)

  • image8 German (de)

  • image9 Greek (el)

  • image10 Hungarian (hu)

  • image11 Italian (it)

  • image12 Japanese (ja)

  • image13 Norwegian bokmål (nb-NO)

  • image14 Polish (pl)

  • image15 Portuguese (pt-PT)

  • image16 Russian (ru)

  • image23 Serbian (rs)

  • image17 Slovak (sk)

  • image18 Slovenian (sl)

  • image19 Spanish (es)

  • image20 Swedish (sv)

  • image21 Turkish (tr)

  • image22 Ukranian (uk)

Set one of them in $lang:

$lang = "en";

Language is picked according to browser choice among the available ones. All languages are allowed by default, to restrict them add $allowed_lang array:

$allowed_lang = array("en");

Messages

Help messages provide information to users on how use the interface. They can be disabled with $show_help:

$show_help = false;

You can add extra messages by setting values in these parameters:

$messages['passwordchangedextramessage'] = "Congratulations!";
$messages['changehelpextramessage'] = "Contact us if you are lost...";

Graphics

Background

You change the background image with your own. Set the path to image in $background_image:

$background_image = "images/unsplash-space.jpeg";

Tip

Comment this parameter to falll back to default background color

Custom CSS

To easily customize CSS, you can use a separate CSS file:

$custom_css = "css/custom.css";

Debug

You can turn on debug mode with $debug:

$debug = true;

Tip

Debug messages will be printed in server logs.

This is also possible to enable Smarty debug, for web interface issues:

$smarty_debug = true;

Tip

Debug messages will appear on web interface.

Security

You need a key phrase if you use ciphered tokens (see Reset by mail tokens)

$keyphrase = "secret";

There is also a protection on login to avoid LDAP injections. Some characters are forbidden, you can change the list of forbidden characters in login with $login_forbidden_chars:

$login_forbidden_chars = "*()&|";

Tip

If no characters are configured in $login_forbidden_chars, only alphanumeric characters are allowed.

You can configure “obscure” messages, so that some errors are not displayed and replaced by a generic “bad credentials” error:

$obscure_failure_messages = array("mailnomatch");

For the reset process via mail token, there is also a specific parameter, enabled by default, to avoid account disclosure:

$obscure_usernotfound_sendtoken = true;

Set this parameter to false if you want to show an error if the account entered by the user do not exist in the directory.

Default action

By default, the password change page is displayed. You can configure which page should be displayed when no action is defined:

$default_action = "change";

Possibles values are:

  • change

  • sendtoken

  • sendsms

You can disable the standard password change if you don’t need it:

$use_change = false;

In this case, be sure to also remove “change” from default action, else the change page will still be displayed.

Prefill user login

If Self Service Password is called from another application, you can prefill the login but sending an HTTP header.

To enable this feature:

$header_name_preset_login = "Auth-User";

Captcha

To require a captcha, set $use_captcha:

$use_captcha = true;

Tip

The captcha is used on every form in Self Service Password (password change, token, questions, etc.)